Selfhosted

59999 readers

802 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam.
Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.
Don't duplicate the full text of your blog or git here. Just post the link for folks to click.
Submission headline should match the article title.
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago

MODERATORS

curbstickle@anarchist.nexus

curbstickle_lw@lemmy.world

709

Jellyfin critical security update - This is not a joke (github.com)

submitted 2 months ago by Mubelotix@jlai.lu to c/selfhosted@lemmy.world

260 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Cyber@feddit.uk 6 points 2 months ago (1 children)

It's difficult to do security-only updates when the fix is contained within a package update.

Even Microsoft's security updates are a mix with secuirity updates containing feature changes and vice versa.

I usually do an update on 1 random device / VM and if that was ok (inc. watching for any .pacnew files) and then kick Ansible into action for the rest.

[–] quick_snail@feddit.nl 1 points 2 months ago (1 children)

Why does unattended upgrades with security only setting not fix this?

This is literally why Debian has distinct repos for security updates.

[–] Cyber@feddit.uk 1 points 2 months ago (1 children)

Let me know which repo this update appears in.

[–] quick_snail@feddit.nl 1 points 2 months ago

The jellyfin repo